unix socket forgejo?

2025-01-09 23:36:22 -08:00 · 2025-01-09 23:36:22 -08:00 · b482fbc2ea
commit b482fbc2ea
parent 2232ad3f31
2 changed files with 52 additions and 55 deletions
--- a/hosts/nixos-server-reid/webapps/default.nix
+++ b/hosts/nixos-server-reid/webapps/default.nix
@ -6,11 +6,6 @@ in {
  config = {
    modules = {
      services = {
-        forgejo = {
-          enable = true;
-          domain = "git.reidlab.pink";
-          port = 3000;
-        };

        # you should probably keep this on
        # actually enables nginx, configures acme,
@ -22,6 +17,11 @@ in {
          "reidlab.pink".dataDir = "/var/www/reidlab.pink";
        };

+        forgejo = {
+          enable = true;
+          domain = "git.reidlab.pink";
+        };
+
        matomo = {
          enable = true;
          domain = "analytics.reidlab.pink";
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -10,62 +10,59 @@ in {
      type = types.str;
      default = "git.reidlab.pink";
    };
-    port = mkOption {
-      type = types.int;
-      default = 3000;
-    };
  };

  config = mkIf cfg.enable {
-    services = {
-      forgejo = {
-        enable = true;
-        stateDir = "/var/lib/${cfg.domain}";
-        database.type = "postgres";
-        settings = {
-          "DEFAULT" = {
-            APP_NAME = "reidlab's git instance";
-          };
-          "security" = {
-            INSTALL_LOCK = true;
-            PASSWORD_HASH_ALGO = "argon2";
-            PASSWORD_CHECK_PWN = true;
-          };
-          "ui.meta" = {
-            AUTHOR = "reidlab";
-            DESCRIPTION = "reidlab's git instance";
-          };
-          "server" = {
-            DOMAIN = cfg.domain;
-            HTTP_PORT = cfg.port;
-            ROOT_URL = "https://${cfg.domain}/";
-          };
-          "repository" = {
-            DEFAULT_BRANCH = "main";
-          };
-          "picture" = {
-            DISABLE_GRAVATAR = false;
-            ENABLE_FEDERATED_AVATAR = true;
-          };
-          "service" = {
-            ENABLE_CAPTCHA = false;
-            REGISTER_EMAIL_CONFIRM = false;
-            DEFAULT_KEEP_EMAIL_PRIVATE = true;
-            DEFAULT_ENABLE_TIMETRACING = true;
-            DISABLE_REGISTRATION = true;
-          };
-          "federation" = {
-            ENABLED = true;
-          };
+    services.forgejo = {
+      enable = true;
+
+      stateDir = "/var/lib/${cfg.domain}";
+      database.type = "postgres";
+      settings = {
+        "DEFAULT" = {
+          APP_NAME = "reidlab's git instance";
+        };
+        "security" = {
+          INSTALL_LOCK = true;
+          PASSWORD_HASH_ALGO = "argon2";
+          PASSWORD_CHECK_PWN = true;
+        };
+        "ui.meta" = {
+          AUTHOR = "reidlab";
+          DESCRIPTION = "reidlab's git instance";
+        };
+        "server" = {
+          DOMAIN = cfg.domain;
+          PROTOCOL = "http+unix";
+          ROOT_URL = "https://${cfg.domain}/";
+        };
+        "repository" = {
+          DEFAULT_BRANCH = "main";
+        };
+        "picture" = {
+          DISABLE_GRAVATAR = false;
+          ENABLE_FEDERATED_AVATAR = true;
+        };
+        "service" = {
+          ENABLE_CAPTCHA = false;
+          REGISTER_EMAIL_CONFIRM = false;
+          DEFAULT_KEEP_EMAIL_PRIVATE = true;
+          DEFAULT_ENABLE_TIMETRACING = true;
+          DISABLE_REGISTRATION = true;
+        };
+        "federation" = {
+          ENABLED = true;
        };
      };
+    };

-      nginx.virtualHosts."${cfg.domain}" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".extraConfig = ''
-          client_max_body_size 600M;
-          proxy_pass http://127.0.0.1:${toString cfg.port};
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
+        extraConfig = ''
+          client_max_body_size 512M;
        '';
      };
    };